mc-fucker/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added headscale to vpn server

Browse source
This commit is contained in:
mc-fucker 2021-12-03 17:51:47 +01:00
parent 576267e458
commit 3301697593
2 changed files with 67 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
modules/headscale.nix Normal file
View file

@ -0,0 +1,66 @@
{ pkgs, lib, ... }:
let
headscalePort = "6969";
headscaleDomain = "vpn.mc-fucker.cool";
in
{
environment = {
systemPackages = with pkgs; [ headscale wireguard ];
etc = {
"headscale/config.yaml".text = ''
---
disable_check_updates: true
server_url: http://${headscaleDomain}:${headscalePort}
listen_addr: 0.0.0.0:${headscalePort}
ephemeral_node_inactivity_timeout: "30m"
private_key_path: /etc/nixos/keys/headscale-key
db_type: sqlite3
db_path: db.sqlite
derp:
urls:
- https://controlplane.tailscale.com/derpmap/default
paths:
- /etc/headscale/derp-example.yaml
auto_update_enabled: true
update_frequency: 24h
dns_config:
magic_dns: true
base_domain: ${headscaleDomain}
nameservers:
- 9.9.9.9
'';
"headscale/derp-example.yaml".text = ''
regions:
900:
regionid: 900
regioncode: custom
regionname: My Region
nodes:
- name: 1a
regionid: 1
hostname: myderp.mydomain.no
ipv4: 123.123.123.123
ipv6: "2604:a880:400:d1::828:b001"
stunport: 0
stunonly: false
derptestport: 0
'';
};
};
systemd.services.headscale = {
description = "Headscale VPN Server";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
ExecStart = "${pkgs.headscale}/bin/headscale serve";
ExecReload = "/bin/kill -HUP $MAINPID";
Restart = "on-failure";
Type = "simple";
};
};
networking.firewall.allowedTCPPorts = [ (lib.strings.toInt headscalePort) ];
}
# vim: set et ts=2 sw=2 ai:

1
systems/vpn/configuration.nix
View file

@ -4,6 +4,7 @@
[
./hardware-configuration.nix
./modules/generic.nix
./modules/headscale.nix
];
system.stateVersion = "21.11";
}